TECH TRAINING 1 – HUNTING WEB ATTACKERS

TRAINER: Laurent Oudot (Founder, TEHTRI Security) & Laurent Estieux (CTO, TEHTRI Security)

 CAPACITY: 20 pax

 SEATS LEFT: REGISTRATION CLOSED

 DURATION: 2 days (22nd & 23rd May 2012)

 COST (per pax): EUR1499 (early bird) / EUR1899 (non early-bird)

 

 OVERVIEW

The goal of this innovative training is to prepare white-hats and improve their skills in the cyber war already under way against web attackers. In this course, attendees will learn how to detect web intruders, and then sometimes how to strike back so that they can better identify the assailants or neutralize their actions.

This technical hunt will be based on hands-on exercises run with the help of the instructor on a dedicated LAN, so that students have the opportunity to apply those special techniques for real, in case they have to do it by themselves in their own environment.

The trainer has been involved in the IT Security field for the last 15 years. His international experience with offensive and defensive technologies will give students cutting-edge training and prepare them to hunt down web attackers once they are back on their own networks…

COURSE AGENDA

1) Web threats & Advanced intrusions

The first part will explain, and remind students of, every concept needed about intrusions through the web vector, and the fingerprints left behind at each step.

1. Pre-intrusion: how attackers prepare their future evil actions
2. Intrusion: how attackers gain access to a remote box through the web
3. Post-intrusion: what kind of actions are launched by the attackers, like:

a.) Keeping control: how they try to backdoor and control your boxes
b.) Cleaning fingerprints: how they try to hide and cover their tracks
c.) Privilege escalation: how they try to improve their rights on the systems
d.) Local exploration: how they try to explore your computer and your local network
e.) Remote bounce: how they try to bounce from your servers to remote networks
f.) Abuse incoming clients: how they try to compromise incoming clients

Each attendee will know the real current threats for their web servers.

2) Detect Attackers

This second part covers how to detect web intrusions. The goal is to go through every technical possibility that might help white-hats detect standard and stealthy attackers at different layers.

a. Application Layers: how to detect attacks and intrusions (successful attacks) through the application layers (web server logs, data on the hard drive…)

b. System Layers: how to look at the OS to find the attackers (processes, system logs…)

c. Network Layers: how to use the network to improve detection (routers, firewalls, NIDS…)

3) React!

Once we find that something has gone wrong on our web server, the question is how to handle those events properly. The classic response looks like this: shutting down services or infected computers, deleting the attackers' tools or reinstalling the computer, and then hardening the computer just before going online again. Sometimes, the logs are used for legal purposes, etc.

But in this training, the third big part will propose innovative ways to respond. We will show how to react against the attackers with live offensive behavior. This helps in fighting back against web intruders so that we can get more information about their identity or sometimes neutralize their forces.

Those innovative actions will be used to strike back at remote attackers for different kinds of purposes:

About striking back at attackers

a. Legal issues
b. Timeline issues
c. Technical issues
d. Attacking the tools of the attackers

Identify attackers

a. Get more information on remote attackers (identity, information, tools, data…)

Compromise the attackers

a. Get remote control of the IT resources of the intruders
b. Neutralization of the attackers

4) Final hands-on

Although the training is already full of hands-on exercises, we will finish with a final advanced session, a live hacking simulation, so that the concepts seen during the two days can be applied successfully to a realistic case.

WHO SHOULD ATTEND?

• System & Network administrators, who want to improve their protection against web attackers
• Pen-testers, Security analysts & auditors, who want to get new solutions against web attackers
• IT Security & Computer Emergency Response Teams, who want to get prepared for this cyberwar
• Authorities & Law enforcement teams, who want to know how to take a step further with new technical opportunities to handle cyber crimes

PREREQUISITE KNOWLEDGE:

• Basic experience with ASP or JSP or PHP, SQL and HTTP. No stress: the minimum knowledge needed will be reviewed and explained at the beginning of the training
• TCP/IP (IPv4) to connect your laptop to the hands-on lab
• Experience of Windows or Unix-like operating systems and shell scripting

HARDWARE REQUIREMENTS

Please bring a laptop with at least 2 GB RAM and network support to connect to the hands-on lab. Use your favorite operating system, but please be sure to come with VMware Player, VMware Workstation, or VMware Fusion. Virtual machines will be provided, but you’re welcome to use your own custom system (e.g. BackTrack Linux). Your machine should be equipped with:

o Clients: SSH, FTP, and web browser (Latest Firefox suggested with those plug-ins: Live HTTP Header, Cookie Monster, Header Spy, Modify Headers, Tamper Data…)

o Services: a local web server (such as a recent Apache/PHP/MySQL setup on a LAMP/WAMP architecture…)

o Tools: Shell tools and scripting languages (the instructor will use Python, bash, curl, netcat, wget, etc). Windows end-users should install Cygwin.

ABOUT THE TRAINERS

Laurent Oudot (Founder/CEO, TEHTRI Security)

Laurent OUDOT is a senior IT Security consultant, CEO and founder of TEHTRI-Security. Over the last 16 years, he has been hired as a security expert to protect and pentest networks and systems of highly sensitive places like: French Nuclear Warhead Program, Ministry of Defense, United Nations, etc.

He has been doing research on defensive technologies and underground activities, handling numerous security projects (Steering Committee of the Honeynet Research Alliance, creator of RstAck, etc). Laurent has been a frequent presenter or instructor at computer security and academic conferences like HITB Dubai-Malaysia-Amsterdam-India, BlackHat, Cansecwest, Pacsec, Defcon, US DoD/DoE, Hope, Honeynet, PH-Neutral, Hack.LU, as well as a contributor to several research papers for SecurityFocus, MISC Magazine, IEEE, etc.

Laurent Estieux (CTO, TEHTRI Security)

Laurent ESTIEUX is a senior IT Security consultant, CTO of TEHTRI-Security, and has over 10 years of experience in security audit, penetration testing and vulnerability research. He graduated from Telecom ParisTech with a French engineering degree (master's degree).

Before joining TEHTRI-Security, he worked in various French ministries or European institutions, as a senior security expert at the French IT Security Agency (ANSSI). His main research interests are web technologies security and applied security in large environments. Laurent was a member of team RstAck and contributed to MISC Magazine. He has been a regular instructor in computer security lectures for government or business audiences, including top ranking management sessions.

Okura Hotel Amsterdam
Ferdinand Bolstraat 333, 1072 LH Amsterdam,
The Netherlands

1-Day Intensive Training Sessions – 21st of May / 0900 – 1800

 

SPECIAL OPS 1  - WIRELESS SECURITY KUNGF00

SPECIAL OPS 2  – THE ART OF EXPLOITING SQL INJECTION FLAWS

SPECIAL OPS 3 – MOBILE APPLICATION HACKING – ATTACK & DEFENSE



2-Day Hands on Training Sessions – 22nd – 23rd of May / 0900 – 1800

TECH TRAINING 1  – HUNTING WEB ATTACKERS

TECH TRAINING 2  – ADVANCED LINUX EXPLOITATION METHODS

TECH TRAINING 3  - ADVANCED APPLICATION HACKING – ATTACKS, EXPLOITS & DEFENSE

 

 



3-Day Hands on Training Sessions – 21st, 22nd & 23rd of May / 0900 – 1800

TECH TRAINING 4  – THE EXPLOIT LABORATORY: ADVANCED EDITION




QUAD TRACK CONFERENCE – 24th & 25th of May / 0900 – 1800

Featuring keynotes by BRUCE SCHNEIER and ANDY ELLIS



Copyright © 2012 Hack In The Box | http://www.hackinthebox.org
